[Kimchi-devel] RFC: Design of the authentication in Kimchi

Wen Wang wenwang at linux.vnet.ibm.com
Mon Jul 7 09:44:12 UTC 2014


It's authorization that I am talking about, please ignore this one and I 
will send another e-mail. Sorry for the inconvenience.

Regards

Wang Wen

On 7/7/2014 4:40 PM, Wen Wang wrote:
> Hi all,
>
> Due to the fact that Kimchi needs authentication feature to be 
> designed. I an posting my point of view below of how I thought about 
> doing it, including how I plan doing it in the front-end and request 
> for help for the back end support.
>
> Kimchi changed to a traditional login patten in last release that 
> makes Kimchi more secure to use. It Before login, the front-end can 
> hardly get any html information before user actually login. As we 
> discussed, root user will have full access to Kimchi whereas the 
> non-root user will have restricted privileges. It will be easier and 
> more decent to show the proper tabs to certain users that 
> distinguished by the back-end. Now the tabs are generated by an xml 
> file generated from the back-end that show all 5 tabs. We probably 
> need to have the '*Host*' and '*template*' tab_removed_ for non-root 
> users, which is recommended to be done in the back-end.
>
> Also there need to be information provided to the front-end like the 
> user-name, user-role as well as user-group, etc. that indicate user 
> identity after login. The browser need the information to give certain 
> privileges to certain users and disable the unnecessary functions. My 
> suggestion is to have these 3 parameters passed: ***user-name, 
> user-role* as well as *user-group*. There is a better extendibility to 
> user the user-role other than isRoot so that we can define more roles 
> in the future. As fact that we have only defined two roles now, the 
> user-role parameter can be divided into root and guest based on user 
> is root or non-root. These message can get from *sessiondada*, *cookie 
> *or passed according to a query. the way passing the info of the user 
> is still under discussion. Request for your advises.
>
> Best Regards
>
> Wang Wen
>
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20140707/d8f2cc77/attachment.html>


More information about the Kimchi-devel mailing list